Difference between revisions of "Brute force attack"
Line 4: | Line 4: | ||
One solution to brute force attacks is to disallow further attempts to enter a password after a small number of failures. For instance, an access point may allow only three attempts to login using a particular user account before locking the account; a brute force attack would in all likelihood fail thousands of times before finding the correct code, so it would not be able to gain access. | One solution to brute force attacks is to disallow further attempts to enter a password after a small number of failures. For instance, an access point may allow only three attempts to login using a particular user account before locking the account; a brute force attack would in all likelihood fail thousands of times before finding the correct code, so it would not be able to gain access. | ||
Another solution is to simply increase the length and complexity of pass codes. To succeed, the attacking program must be able to attempt all possible pass codes in a reasonable amount of time. For example, four-digit pass code only has 10,000 possible combinations; if a brute force attack program can try 1,000 combinations per second, it will gain access within ten seconds. An eight-digit pass code has 100 million possible combinations; it would take the same attacking program nearly 28 hours to try them all. By increasing the length and complexity of pass codes, it is possible to make trying every combination impractical for '''any''' computer. | Another solution is to simply increase the length and complexity of pass codes. To succeed, the attacking program must be able to attempt all possible pass codes in a reasonable amount of time. For example, a four-digit pass code only has 10,000 possible combinations; if a brute force attack program can try 1,000 combinations per second, it will gain access within ten seconds. An eight-digit pass code has 100 million possible combinations; it would take the same attacking program nearly 28 hours to try them all. By increasing the length and complexity of pass codes, it is possible to make trying every combination impractical for '''any''' computer. | ||
[[Category: Real Technology]] | [[Category: Real Technology]] |
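Review bot: In the unchanged first paragraph of this diff, "three attempts to login" uses the noun form as a verb and should read "three attempts to log in". The article added before "four-digit pass code" in the second paragraph is a correct fix, and the figures in that paragraph are consistent (100 million codes at 1,000 per second is about 27.8 hours).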
Revision as of 18:51, 4 December 2007
A brute force attack is a computer cracking technique in which the attacker uses an automated program to try every possible combination for a password or other code in a short period of time. In theory, such an attack will always succeed if given enough time.
Countermeasures
One solution to brute force attacks is to disallow further attempts to enter a password after a small number of failures. For instance, an access point may allow only three attempts to log in using a particular user account before locking the account; a brute force attack would in all likelihood fail thousands of times before finding the correct code, so it would not be able to gain access.
Another solution is to simply increase the length and complexity of pass codes. To succeed, the attacking program must be able to attempt all possible pass codes in a reasonable amount of time. For example, a four-digit pass code only has 10,000 possible combinations; if a brute force attack program can try 1,000 combinations per second, it will gain access within ten seconds. An eight-digit pass code has 100 million possible combinations; it would take the same attacking program nearly 28 hours to try them all. By increasing the length and complexity of pass codes, it is possible to make trying every combination impractical for any computer.
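The two countermeasures above, as an added example that is not part of the original article: a three-failure account lockout run against an exhaustive search, plus the worst-case search time for numeric pass codes. The class and function names, the account "alice" and its code are constructed for illustration.

```python
import hmac
from collections import Counter

MAX_FAILURES = 3  # the article's example threshold


class LoginGate:
    """Locks an account after MAX_FAILURES consecutive failed attempts."""

    def __init__(self, credentials):
        # account -> pass code; plaintext only to keep the demo short
        self._credentials = dict(credentials)
        self._failures = Counter()
        self._locked = set()

    def attempt(self, account, code):
        """Return 'ok', 'denied' or 'locked' for a single attempt."""
        if account in self._locked:
            return "locked"  # checked first, so even the right code is refused
        expected = self._credentials.get(account)
        if expected is not None and hmac.compare_digest(expected.encode(), code.encode()):
            self._failures.pop(account, None)  # success resets the counter
            return "ok"
        self._failures[account] += 1
        if self._failures[account] >= MAX_FAILURES:
            self._locked.add(account)
        return "denied"


def exhaustive_guessing(gate, account, digits):
    """Try every code of the given length in order; tally the gate's answers."""
    outcomes = Counter()
    for n in range(10 ** digits):
        outcomes[gate.attempt(account, f"{n:0{digits}d}")] += 1
    return outcomes


def worst_case_seconds(digits, guesses_per_second):
    """Time to try every numeric code of this length with no lockout in place."""
    return 10 ** digits / guesses_per_second


if __name__ == "__main__":
    gate = LoginGate({"alice": "0042"})  # constructed account and code
    print(exhaustive_guessing(gate, "alice", 4))  # tally contains no 'ok' outcome
    print(worst_case_seconds(4, 1000), "s;", worst_case_seconds(8, 1000) / 3600, "h")
```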